** Description changed: + ** IMPORTANT NOTE FOR SRU TEAM MEMBERS ** + + We will exercise a new process for this type of SRU, where there is a + special case document AND security fixes involved. + + DO NOT ACCEPT THIS PACKAGE INTO PROPOSED + + **** + + This bug tracks an update for the Valkey package, moving to versions: * resolute (26.04) - 9.0.3 * questing (25.10) - 8.1.6 * noble (24.04) - 7.2.12 These updates include bug fixes following the SRU special case documentation at https://documentation.ubuntu.com/sru/en/latest/reference/exception- Valkey-Updates [Upstream changes] CVE Fixes: All versions: (CVE-2025-67733) RESP Protocol Injection via Lua error_reply (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message 9.0.x: (CVE-2026-27623) Reset request type after handling empty requests Additional bug fixes: 9.0.3: https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 8.1.5-8.1.6: https://github.com/valkey-io/valkey/pull/2944 https://github.com/valkey-io/valkey/pull/2983 https://github.com/valkey-io/valkey/pull/3005 https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 https://github.com/valkey-io/valkey/pull/1826 https://github.com/valkey-io/valkey/pull/2753 https://github.com/valkey-io/valkey/pull/2817 https://github.com/valkey-io/valkey/pull/2840 https://github.com/valkey-io/valkey/pull/2899 7.2.12 https://github.com/valkey-io/valkey/pull/2787 https://github.com/valkey-io/valkey/pull/2830 https://github.com/valkey-io/valkey/pull/3160 changelog - https://github.com/valkey-io/valkey/releases Based on release notes and commit logs, I do not see any backwards- incompatible changes that will affect users in the new versions. - - Additionally, for the upload to questing, I am including the recent change added to resolute where the maxmemory test is skipped at build time, as it often causes archive builds to fail due to timeouts. + Additionally, for the upload to questing, I am including the recent + change added to resolute where the maxmemory test is skipped at build + time, as it often causes archive builds to fail due to timeouts. [Test Plan] Valkey autopkgtests: Direct links for autopkgtest results on amd64: https://autopkgtest.ubuntu.com/results/autopkgtest-resolute-lvoytek- valkey-sru/resolute/amd64/v/valkey/20260224_193852_d8c8b@/log.gz https://autopkgtest.ubuntu.com/results/autopkgtest-questing-lvoytek- valkey-sru/questing/amd64/v/valkey/20260224_200406_6008a@/log.gz https://autopkgtest.ubuntu.com/results/autopkgtest-noble-lvoytek-valkey- sru/noble/amd64/v/valkey/20260224_193905_c799b@/log.gz All other architectures were also successful against the PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/valkey-sru [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu- specific integrations. Previous Backports: (LP: #2127122) (LP: #2097546) (LP: #2091129) (LP: #2115258)
** Tags added: block-proposed-noble block-proposed-questing ** Description changed: ** IMPORTANT NOTE FOR SRU TEAM MEMBERS ** We will exercise a new process for this type of SRU, where there is a special case document AND security fixes involved. DO NOT ACCEPT THIS PACKAGE INTO PROPOSED + -- Andreas + **** - This bug tracks an update for the Valkey package, moving to versions: * resolute (26.04) - 9.0.3 * questing (25.10) - 8.1.6 * noble (24.04) - 7.2.12 These updates include bug fixes following the SRU special case documentation at https://documentation.ubuntu.com/sru/en/latest/reference/exception- Valkey-Updates [Upstream changes] CVE Fixes: All versions: (CVE-2025-67733) RESP Protocol Injection via Lua error_reply (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message 9.0.x: (CVE-2026-27623) Reset request type after handling empty requests Additional bug fixes: 9.0.3: https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 8.1.5-8.1.6: https://github.com/valkey-io/valkey/pull/2944 https://github.com/valkey-io/valkey/pull/2983 https://github.com/valkey-io/valkey/pull/3005 https://github.com/valkey-io/valkey/pull/3160 https://github.com/valkey-io/valkey/pull/3182 https://github.com/valkey-io/valkey/pull/3205 https://github.com/valkey-io/valkey/pull/1826 https://github.com/valkey-io/valkey/pull/2753 https://github.com/valkey-io/valkey/pull/2817 https://github.com/valkey-io/valkey/pull/2840 https://github.com/valkey-io/valkey/pull/2899 7.2.12 https://github.com/valkey-io/valkey/pull/2787 https://github.com/valkey-io/valkey/pull/2830 https://github.com/valkey-io/valkey/pull/3160 changelog - https://github.com/valkey-io/valkey/releases Based on release notes and commit logs, I do not see any backwards- incompatible changes that will affect users in the new versions. Additionally, for the upload to questing, I am including the recent change added to resolute where the maxmemory test is skipped at build time, as it often causes archive builds to fail due to timeouts. [Test Plan] Valkey autopkgtests: Direct links for autopkgtest results on amd64: https://autopkgtest.ubuntu.com/results/autopkgtest-resolute-lvoytek- valkey-sru/resolute/amd64/v/valkey/20260224_193852_d8c8b@/log.gz https://autopkgtest.ubuntu.com/results/autopkgtest-questing-lvoytek- valkey-sru/questing/amd64/v/valkey/20260224_200406_6008a@/log.gz https://autopkgtest.ubuntu.com/results/autopkgtest-noble-lvoytek-valkey- sru/noble/amd64/v/valkey/20260224_193905_c799b@/log.gz All other architectures were also successful against the PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/valkey-sru [Regression Potential] Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu- specific integrations. Previous Backports: (LP: #2127122) (LP: #2097546) (LP: #2091129) (LP: #2115258) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2142590 Title: Update Valkey to 7.2.12 in noble, 8.1.6 in questing, and 9.0.3 in resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2142590/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
